1. 7
  1. 6

    This is a rant. It’s poorly written. It’s not about programming. The citations aren’t machine readable?

    But, it is about infrastructure. I say it stays. (Or we replace it with some other document that puts all the same points in one place, but with less ranting and better writing. That would be fine.)

    There are lots of things in there that I know to be true, one thing I hadn’t thought about but makes sense, and one thing that is deeply troubling.

    That BBC article really drives the point home. If Matthew Prince was running a honeypot-as-a-service operation in 2004, he’s a digital native. He’s from our home, eh? This is why the internet is so mad at cloudflare… They speak our language, with our accent, and yet they are harming the internet. What gall!

    1. 1

      Cloudflare is a market solution to a technical problem. If internet idealists are mad, it’s because their dreams of a decentralized internet for everyone crashed against the realities of insecure clients and routers (enabling trivial DDoS attacks) a long time ago.

      DDoS protection is a low-margin, capital-intensive product. It lends itself to the formation of natural monopolies easily. The solution is regulation, which inevitably would lead to higher prices for many consumers.

      The free service Cloudflare offers is a form of speech protection too - it prevents anyone with a grudge knocking someone’s site off the internet “for the lulz”.

      1. 2

        This post isn’t about DDoS. To my eye, it is primarily about the origin story of this company that now handles TLS connections for a huge swath of the internet. That part is at the bottom. The rest of the post simply describes all the power CF has–as most of us know. If the company’s values are in line with Internet-engineering values and somehow they keep their values, everything will be fine, right?

        Well, let’s look at that origin story.

        Here’s a snippet of the BBC article (2016), with my edits marked with square brackets.

        Five years later [that would be 2009] Mr Prince was doing a Master of Business Administration (MBA) at Harvard Business School, and the [honeypot] project was far from his mind, when he got an unexpected phone call from the US Department of Homeland Security asking him about the information he had gathered on attacks.

        Mr Prince recalls: “They said ‘do you have any idea how valuable data you [collected from all the hosts that participated in your honeypot project] is? Is there any way you would sell us that data?’.

        “I added up the cost of running it, multiplied it by ten, and said ‘how about $20,000 (£15,000)?’.

        “It felt like a lot of money. That cheque showed up so fast.”

        Mr Prince, who has a degree in computer science, adds: “I was telling the story to Michelle Zatlyn, one of my classmates, and she said, ‘if they’ll pay for it, other people will pay for it’.”

        Ouch! This really shines a different light on all those captchas targeted at tor users.

        (Anyway, about the DDoS protection racket though… (heh) I favor posting content on something like IPFS. Will somebody figure out how to deny that service one day? Probably. Moving target. CF’s approach of simply having a larger pipe (or many large pipes, and “simply” just does not apply) isn’t the last word in DDoS protection.)

    2. 3

      This is the first time I’ve seen the schizophrenic street art style in Markdown form. Very cool!